My XP doesn't have that much life left in it before I upgrade to 7, so, out of boredom and sheer malice, I re-enabled Windows Update after a long hiatus, to see what gifts it would bring. And lo, I am bored no longer!

I got three such screens in sequence. I am of course assuming it is a false positive, but I still clicked Deny, because (unlike UAC) anti-virus software is often useful and I won't ignore its advice blindly. AV heuristics is off, by the way, so Avira must have seen something it knows to be wicked.

What to do, what to do? Trust that no-one hacked into Windows Update servers and placed a trojan there, or trust Avira knows a trojan when it sees one? It's almost like Russian Roulette, isn't it?

What you do is go track down that file, and upload it to a site that will scan it with lots of antivirus programs, like http://www.virustotal.com/ Then you'll have a second and third and fourth opinion.

And you also search for information on the reported malware found, in your case "tr_crypt.xpack.gen", and when you do you realize the "gen" stands for generic, which is your first signal that this is probably a false positive. More info: http://www.avira.com/en/t...8/tr_crypt.xpack.gen.html

i have written over and over again, and am getting sick of repeating myself, that antivirus companies MUST STOP this ridiculous behavior where they report wild guesses as confident detections. it is absolutely inexcusable.

The file is no longer there - as you can see from the filename, it was a temporary file. Either it got successfully renamed to who-knows-what, or Avira prevented storing the file, or it was a "system temp" file and got automatically unlinked as soon as the downloader closed it.

this is another pet peeve i have, antivirus alert windows that don't show you the full filename of the detected file. these companies seem so damned determined to not let the user figure out what is going on.

At least UAC gives you a clear indication that an application is trying to access locations that most applications shouldn't - with the amount of false positives AV products throw, all bets are off.

f0dder, it seems there is no way we are ever going to agree on this.

Every UAC notification is a false positive by design, because UAC doesn't know that the application is trying to do anything untoward, so it warns about practically all of them. AV software at least tries to detect actual harm.

I'll take a false positive from AV software once a week or so(*) - though I do agree they are insidious and cause grief to upstanding developers. But so does UAC.

That said, the only actual benefit I got from running AV since I recall has been limited to stopping trojans on other people's pendrives, or my own after I'd taken them to a printing shop. (I have yet to see a printing shop with an uninfected computer.) I disable autorun as a rule, but at least once I've realized it was enabled for USB drives while I wasn't aware of that. Whether this is sufficient pay-off for the performance penalty associated with real-time protection and 60+ MB memory use, I honestly don't know. There should be a better way - like me being still more diligent about disabling autorun for all removable drives.

Unfortunately there's still a lot of software that isn't, because MS made the bad decision to make the default NT account administrator (started to become a problem with Win2k which had some mainstream usage, and especially once XP was introduced) - and of course for Win9x being a total p.o.s. without a concept of security.

At least Vista and the UAC popups are now forcing developers to look at their crappy code and do things properly... as well as providing security.

Today Avira decided uTorrent.exe was a trojan. Similar reports to be found on uTorrent forum. For my part, I have declared Avira malware and removed it. I really hope Mouser's Superior AV project takes off!

FWIW, Kaspersky is one AV that you can decide not to run at startup, or quit it when it is running, and it won't leave any services behind when you do. This means it can be used in manual-only mode, but with a slight hitch: the right-click menu command to scan a file is inactive if Kaspersky is not running. This means that in order to check a file you must start KAV, then right-click a file and scan, then quit KAV.

The KAV installer detects all these products and uninstalls them (!) for you. Thankfully there is a prompt, but you cannot continue installing KAV as long as it detects any of the listed products. There is a procedure to skip the check, but it's not for the timid: http://support.kaspersky....010/install?qid=208280398

I hated UAC on Vista so much that I disabled it. On Windows 7 it doesn't seem that bad. But that might be because I've been using Ubuntu off and on since January (nearly a year now!) and I find Windows 7's UAC prompts to be about the same as Ubuntu's "pop-up protection" (whatever it's called). Only Ubuntu's is "worse" because you have to type in your password every time to grant administrator privileges. At least in UAC you can just click the "Allow" button.

That's one hell of an un!impressive list. What's got an AV to do with a firewall (Outpost in my case)?

One month ago, after an update Avira started to brand all my AutoHotKey compiled programs as trojan. I began to think which part of the code triggered the false alarm, was it the low-level keyboard hook or the program's signature 'AutoHotKey'?